(PCCSE) Prisma Certified Cloud Security Engineer Exam Test

Welcome to Exam Prisma Certified Cloud Security Engineer Exam (Verified QA)

The Palo Alto Networks Certified Cloud Security Engineer (PCCSE) certification validates the knowledge, skills, and abilities required to onboard, deploy, and administer all aspects of Prisma Cloud. PCCSE covers Prisma Cloud, Prisma Cloud Enterprise, and Prisma Cloud Compute. It showcases an individual's knowledge of the Prisma Cloud platform applications, data, and the entire cloud native technology stack—throughout the development lifecycle and across multi- and hybrid cloud environments.

Exam Domain Objective :-

Domain 1 Cloud Security Posture Management (CSPM)

Task 1.1 Identify assets in a Cloud account

1.1.1 Inventory of resources in a cloud account

1.1.2 Resource configuration history

1.1.3 Asset configuration changes

Task 1.2 Configure policies

1.2.1 Custom policies

1.2.2 Policy types

1.2.3 Supported variables within configuration-run custom policies

Task 1.3 Configure compliance standards

1.3.1 Standards

1.3.2 Reports

Task 1.4 Configure alerting and notifications

1.4.1 Alert states

1.4.2 Alert rules

1.4.3 Alert notifications and reports

1.4.4 Alert workflow

Task 1.5 Use third-party integrations

1.5.1 Inbound and outbound notifications

Task 1.6 Perform ad hoc investigations

1.6.1 Resource configuration with RQL

1.6.2 User activity using RQL

1.6.3 Network activity using RQL

1.6.4 Anomalous user events

1.6.5 Asset details using RQL

Task 1.7 Remediate alerts

1.7.1 Auto-remediation

1.7.2 Manual versus automated remediation

Task 1.8 Use SecOps Dashboard

1.8.1 Internet-connected assets by source network traffic behavior

1.8.2 Components

Domain 2 Cloud Workload Protection (CWP)

Task 2.1 Monitor and defend against image vulnerabilities

2.1.1 Options available in the Monitor section

2.1.2 Options available in the Policies section

Task 2.2 Monitor and defend against host vulnerabilities

2.2.1 Options available in the Monitor section

2.2.2 Options available in the Policies section

Task 2.3 Monitor and enforce image/container compliance

2.3.1 Options available in the Monitor section

2.3.2 Options available in the Policies section

Task 2.4 Monitor and enforce host compliance

2.4.1 Options available in the Monitor section

2.4.2 Options available in the Policies section

Task 2.5 Monitor and defend containers and hosts during runtime

2.5.1 Container models

2.5.2 Host observations

2.5.3 Runtime policies

2.5.4 Runtime audits

2.5.5 Incidents using Incident Explorer

Task 2.6 Monitor and protect against serverless vulnerabilities

2.6.1 Monitor

2.6.2 Policy

2.6.3 Auto-protect

Task 2.7 Configure WAAS

2.7.1 Application specifications

2.7.2 API methods

2.7.3 Rest API endpoints

2.7.4 DoS protection

2.7.5 Access control to Limit inbound sources

2.7.6 Network lists

2.7.7 Access control to enforce HTTP headers and file uploads

2.7.8 Bot protection

2.7.9 Rules

2.7.10 Audit logs

Task 2.8 Monitor and protect registries

2.8.1 Scanning

2.8.2 CI

Domain 3 Install, Upgrade, and Backup / Prisma Cloud Administration

Task 3.1 Deploy and manage Console for the Compute Edition

3.1.1 Prisma Cloud release software

3.1.2 Console in Onebox configuration

3.1.3 Upgrade on Console

3.1.4 Business use case to determine Prisma Cloud version to use

3.1.5 Tenant versus Scale projects

Task 3.2 Deploy and manage defenders

3.2.1 Types

3.2.2 Networking for Defender-To-Console connectivity

3.2.3 Upgrade and Compatibility

Task 3.3 Configure Agentless Security

3.3.1 Agent versus Agentless

3.3.2 Cloud discovery

Task 3.4 Backup and restore Console

3.4.1 Backup management

3.4.2 Disaster recovery

Task 3.5 Manage authentication

3.5.1 Certificates

3.5.2 Secrets and credentials store

Task 3.6 Onboard accounts

3.6.1 Onboard cloud accounts

3.6.2 Account Groups

Task 3.7 Configure access control

3.7.1 Users, roles, and permission groups

3.7.2 Access control troubleshooting

3.7.3 Service accounts and access keys

3.7.4 Single Sign On

3.7.5 Role-based access control for Docker Engine (CWP)

3.7.6 Admission control with Open Policy Agent (CWP

3.7.7 Resource lists and collections

Task 3.8 Configure logging

3.8.1 Audit logging

3.8.2 Defender logging

Task 3.9 Manage enterprise settings

3.9.1 Anomaly settings

3.9.2 Idle timeout

3.9.3 Auto-enable policies

3.9.4 Alert dismissal reason

3.9.5 User attribution

3.9.6 Licensing

3.9.7 Access key maximum validity

Task 3.10 Configure third-party integrations

3.10.1 Inbound and outbound notifications

3.10.2 Supported capabilities

Task 3.11 Leverage Cloud and Compute APIs

3.11.1 Authenticate with APIs

3.11.2 API documentation

3.11.3 Policies and custom queries by API

3.11.4 Alerts and Reports using APIs

3.11.5 Vulnerability results via API

3.11.6 Access keys

3.11.7 Data security and IAM APIs

Task 3.12 Leverage Adoption Advisor and Alarm Center

3.12.1 Notification rule

3.12.2 Adoption Advisor guidance

Task 3.13 Access Knowledge Center and Help Center

3.13.1 Knowledge Center

3.13.2 Help Center

3.13.3 Feature requests

3.13.4 PCCSE

3.13.5 Live Community

3.13.6 Product status updates

3.13.7 Docs, Prisma Cloud Privacy and Support options

Domain 4 Cloud Network Security and Identity-Based Microsegmentation Enterprise Edition

Task 4.1 Configure Cloud network analyzer

4.1.1 Network exposure policy

4.1.2 RQL

Task 4.2 Deploy and manage Enforcers

4.2.1 Processing units

4.2.2 Namespaces

4.2.3 Tags and identity

4.2.4 Network rulesets

4.2.5 Out-of-the-box rules

4.2.6 Application profiling

Task 4.3 Manage local changes in a remote repository (dev-prod) Configuration

4.3.1 Types

4.3.2 Networking for Enforcers-to-Console connectivity

Task 4.4 Use NetSecOps dashboard

4.4.1 Flows

Domain 5 Prisma Cloud Code Security (PCCS)

Task 5.1 Implement scanning for IAC templates

5.1.1 Terraform and Cloudformation scanning configurations

5.1.2 OOTB IAC scanning integrations

5.1.3 API scanning

5.1.4 IAC scanning integration

5.1.5 Supply-chain security

5.1.6 Handling scanned issues

5.1.7 Repository scanning

Task 5.2 Configure policies in Console for IAC scanning

5.2.1 OOTB policies

5.2.2 Custom build policies

5.2.3 Types of config policies

5.2.4 Prisma configuration files

Task 5.3 Configure CI policies for Compute scanning

5.3.1 Default CI policies

5.3.2 Custom CI policies

Task 5.4 Manage configuration settings

5.4.1 Code reviews

5.4.2 Code repository settings

5.4.3 Notifications

5.4.4 Pull requests and tagging bots

Domain 6 Identity and Access Management (IAM)/Prisma Cloud Data Security (PCDS)

Task 6.1 Calculate net effective permissions

6.1.1 AWS calculation

6.1.2 Azure calculation

Task 6.2 Investigate incidents and create IAM policies

6.2.1 RQL queries

6.2.2 IAM policies

Task 6.3 Integrate IAM with IdP

6.3.1 Azure active directory

6.3.2 Okta

Task 6.4 Remediate alerts

6.4.1 Manual versus automatic

6.4.2 AWS remediation

6.4.3 Azure remediation

Task 6.5 Monitor Scan Results

6.5.1 Monitor Scan Results

6.5.2 Data Inventory

6.5.3 Resource Explorer

6.5.4 Object Explorer

6.5.5 Exposure Evaluation

Task 6.6 Assess Data Policies and Alerts

6.6.1 Data policy vs data pattern

6.6.2 Alerts

Task 6.7 Define data security scan settings

6.7.1 Scan configuration

6.7.2 Data profile and pattern

6.7.3 File extensions

6.7.4 Snippet masking

"Palo Alto Networks Prisma", "Prisma Certified Cloud Security Engineer (PCCSE)" are registered marks of Palo Alto Networks.This practice test is only for exam practice questions. This is an Unofficial course and this course is not affiliated, licensed or trademarked with Palo Alto Networks in any way.